Read more about the article Kryptos K4 is not a Vigenere Cipher

Kryptos K4 is not a Vigenere Cipher

The fourth passage of the Kryptos sculpture has been unsolved for over 21 years. If you are one of the professional cryptanalysists and amateur enthusiasts who have attempted to solve this puzzle, you may be wondering if Kryptos passage 4 (K4) can be solved by a double key Vigenere cipher. The answer seems to be no. Kryptos cipher 4 is not a Vigenere cipher.I'll walk through how I attempted to brute force the keys for…

Continue ReadingKryptos K4 is not a Vigenere Cipher
Read more about the article A Brief Summary of the 2021 Senate Intel Committee Hearing

A Brief Summary of the 2021 Senate Intel Committee Hearing

You slept in and missed the Senate Intel Committee hearing on worldwide threats. No problem, I'll give you a rundown.The top 5 threats to the US right now are China, Russia, Iran, North Korea, and terrorism. Haines, the ODNI director, broke it down:China: competition in the cyber, space, and geographic spaces. A "near peer". They have their own demographic challenges.Russia: interested in asymmetric conflict (cyberrrrr) with the goal of weakening the USIran: regionally crucial, Iraq…

Continue ReadingA Brief Summary of the 2021 Senate Intel Committee Hearing
Read more about the article QIF: Channel to Hyper-Distribution

QIF: Channel to Hyper-Distribution

Information leakage happens when a system helps an adversary achieve some goal. We can understand leakage through quantitative information flow (QIF), a robust framework that gives ways to quantify the amount of leakage of a system. In this post, we will walk through how we can statically model a system as a channel matrix. We'll also see how a channel maps a prior probability distribution to a hyper-distribution that helps an adversary narrow down the…

Continue ReadingQIF: Channel to Hyper-Distribution
Read more about the article Bayes Vulnerability: Introduction to QIF

Bayes Vulnerability: Introduction to QIF

Here I introduce an introductory overview of quantitative information flow (QIF), a mathematical framework used to precisely discuss leakage. We start with a system that takes some sensitive information as input, processes it, and produces some publicly observable output. We want to determine how the system affected the sensitive information. This overview will focus on the often relevant and intuitive measure of Bayes vulnerability, which addresses when the adversary must guess the value of the…

Continue ReadingBayes Vulnerability: Introduction to QIF
Read more about the article CYBERWARCON Recap
US Capital Building

CYBERWARCON Recap

CYBERWARCON was a one-day conference held in Arlington, VA on November 28.  Talks were about threat analysis, covering advanced persistent threat (APT) attacks and information operations (IO). For me, the conference demonstrated its value by supplanting sensationalism with concrete operational insights. Here's some of my takeaways from the talks. Please forgive my fuzzy pictures! Thomas Reid The wider socio-political context may be necessary to understand forensics.Exposing part of an IO can sustain it. Camille Francois…

Continue ReadingCYBERWARCON Recap